This page provides instructions on how to install the Threat Intel Quick Analysis App, and examples of each of the dashboards.

This app relies on generic regular expressions and so may not perform well at very large scale. Once you are familiar with Sumo Logic, you can apply the performance optimization techniques described in Threat Intel Optimization. Alternatively, you can run this app against smaller, more specific data streams.

Install the Sumo Logic App

The preconfigured searches and Dashboards provide easy-to-access visual insights into your data.

To install the app:

Locate and install the app you need from the App Catalog. If you want to see a preview of the dashboards included with the app before installing, click Preview Dashboards.

From the App Catalog, search for and select the app.

To install the app, click Add to Library and complete the following fields.

App Name. You can retain the existing name, or enter a name of your choice for the app.

Advanced. Select the Location in Library (the default is the Personal folder in the library), or click New Folder to add a new folder.

Click Add to Library.

Once an app is installed, it will appear in your Personal folder, or in the other folder that you specified. From there, you can share it with your organization.

Panels will start to fill automatically. Note that each panel fills only with data that matches its query time range and that was received after the panel was created, so results are not available immediately; after a short while you will see full graphs and maps.

Dashboards

All Dashboards include filters that you can use in Interactive Mode for further analysis of your Threat Intel Quick Analysis data. Because Threat Intel Quick Analysis is most useful for recent threats, most panels default to a 15 minute time range. You can adjust time ranges as needed.

Live mode and real-time queries are not supported for dashboards at this time.

Threat Intel Quick Analysis - Overview

See the frequency of Domain threats by Actor, Log Source, Malicious Confidence, and view trends over time.

Welcome to the Threat Intel Quick Analysis App. An informational panel that points you to optimization guidance and FAQs on working with the Threat Intel database.

Number of Log Lines (Events) Scanned for Threats. Count of log lines scanned across all selected sources for the last 15 minutes.

IP Threat Count. Count of threats related to malicious IPs, for the last 15 minutes.

File Name Threat Count. Count of threats related to malicious file names, for the last 15 minutes.

URL Threat Count. Count of threats related to malicious URLs, for the last 15 minutes.

Email Threat Count. Count of threats related to malicious email addresses, for the last 15 minutes.

Domain Threat Count. Count of threats related to malicious domains, for the last 15 minutes.
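The app itself runs as Sumo Logic searches, but the following stand-alone Python script, added here as an illustration and not taken from the app, models what the Overview panels above compute: log lines are scanned with generic regular expressions for IPs, domains, URLs, email addresses and file names, each extracted indicator is looked up in a threat list, and hits are counted per indicator type, actor, malicious confidence and log source over a 15 minute window. The threat list, the log lines, their `src=` field and the "now" timestamp are all constructed for this example (hypothetical indicators in documentation address ranges), so it runs offline. The `source_filter` argument shows the cheap form of the optimization mentioned earlier on this page: scoping the broad regexes to one specific stream.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed threat list (hypothetical indicators, not real intelligence).
# Per indicator type: value -> (actor, malicious confidence).
THREAT_INTEL = {
    "ip": {"203.0.113.45": ("ActorA", "high"), "198.51.100.7": ("ActorB", "medium")},
    "domain": {"bad.example": ("ActorA", "high")},
    "url": {"http://bad.example/payload.bin": ("ActorA", "high")},
    "email": {"phish@bad.example": ("ActorB", "low")},
    "filename": {"invoice.pdf.exe": ("ActorC", "high")},
}

# Generic extractors in the spirit of the app's regexes: deliberately broad,
# which is exactly why they get expensive on very large, mixed streams.
IOC_PATTERNS = {
    "url": re.compile(r"https?://[^\s\"'<>]+"),
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE),
    "filename": re.compile(r"\b[\w-]+(?:\.[\w-]+)*\.(?:exe|dll|pdf|js|scr)\b", re.IGNORECASE),
}

# Constructed line format: ISO-8601 UTC timestamp, src=<category>, free text.
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+src=(?P<src>\S+)\s+(?P<text>.*)$")


def parse_line(line):
    """Split a constructed log line into (timestamp, source category, text)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, m["src"], m["text"]


def extract_iocs(text):
    """Return {ioc_type: set(values)} for every generic pattern that fires."""
    found = {}
    for ioc_type, pattern in IOC_PATTERNS.items():
        # Case-fold everything except URLs, whose paths are case-sensitive.
        values = {v if ioc_type == "url" else v.lower() for v in pattern.findall(text)}
        if values:
            found[ioc_type] = values
    return found


def match_threats(iocs):
    """Look up extracted indicators; yield (type, value, actor, confidence) hits."""
    for ioc_type, values in iocs.items():
        table = THREAT_INTEL.get(ioc_type, {})
        for value in values:
            if value in table:
                actor, confidence = table[value]
                yield ioc_type, value, actor, confidence


def analyze(lines, now, window=timedelta(minutes=15), source_filter=None):
    """Model the Overview panels over one time window.

    Counts lines scanned and threat hits by indicator type, actor, malicious
    confidence and log source. One hit is recorded per distinct indicator
    matched in a line, so a line with a malicious URL also counts for the
    URL's domain, as separate URL and Domain panels would. source_filter
    narrows the run to one category, the cheapest way to keep broad regexes
    affordable.
    """
    cutoff = now - window
    result = {"scanned": 0, "by_type": Counter(), "by_actor": Counter(),
              "by_confidence": Counter(), "by_source": Counter()}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, src, text = parsed
        if ts < cutoff or ts > now or (source_filter and src != source_filter):
            continue
        result["scanned"] += 1
        for ioc_type, _value, actor, confidence in match_threats(extract_iocs(text)):
            result["by_type"][ioc_type] += 1
            result["by_actor"][actor] += 1
            result["by_confidence"][confidence] += 1
            result["by_source"][src] += 1
    return result


# Constructed sample logs; the 09:40 line falls outside the 15 minute window.
SAMPLE_LOGS = [
    '2024-05-01T10:01:10Z src=firewall host=fw1 msg="accept 10.0.0.5 -> 203.0.113.45:443"',
    '2024-05-01T10:03:42Z src=proxy host=px1 msg="GET http://bad.example/payload.bin by 10.0.0.8"',
    '2024-05-01T10:05:00Z src=mail host=mx1 msg="from=phish@bad.example to=alice@corp.internal"',
    '2024-05-01T10:07:31Z src=edr host=ws42 msg="process created file=invoice.pdf.exe parent=outlook.exe"',
    '2024-05-01T09:40:00Z src=firewall host=fw1 msg="accept 10.0.0.9 -> 198.51.100.7:80"',
    '2024-05-01T10:09:15Z src=firewall host=fw1 msg="deny 198.51.100.7 -> 10.0.0.2:22"',
]
NOW = datetime(2024, 5, 1, 10, 15, tzinfo=timezone.utc)

if __name__ == "__main__":
    for label, res in (("all sources", analyze(SAMPLE_LOGS, NOW)),
                       ("firewall only", analyze(SAMPLE_LOGS, NOW, source_filter="firewall"))):
        print(label, "scanned:", res["scanned"])
        for key in ("by_type", "by_actor", "by_confidence", "by_source"):
            print("  ", key, dict(res[key]))
```

Running it over the constructed lines gives five lines scanned and seven hits: two IP, one URL, two Domain (the proxy line's URL and the mail line's sender both carry bad.example), one Email and one File Name. The firewall-only run scans two lines and reports only the two IP hits, which is the trade-off the optimization note describes: a narrower stream costs far less regex work at the price of seeing only that stream's indicator types.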